Topic: my hjt log file...
lghtningbug
« on: March 04, 2005, 09:15:05 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP home edition
Problem Application Name & Version: everything!
Problem Hardware Make & Model:
Error Messages:



Every day I have to scan for spy- and ad-ware on my computer.  Every day there is a ton more, and more of the same! What is wrong?

Logfile of HijackThis v1.99.1
Scan saved at 3:07:39 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Heidi\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\frickin spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mypoint.uwsp.edu/mypoint/default.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.uwsp.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.uwsp.edu/wpad.dat
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BoMkBU1vp] C:\WINDOWS\rlnrfkyq.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Bo
Logged

 
lghtningbug
« Reply #1 on: March 04, 2005, 10:11:23 PM »

oh- and every time i run housecall, java bytever (i think that's the exact name) appears and is "deleted" after being rendered uncleanable, but it has been around on my computer for months.  please help me :(
Logged

 
redaxe
« Reply #2 on: March 04, 2005, 10:33:19 PM »

Before you do anything else, try the following:

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files.

Now download the following programs:

Stinger
CWShredder
Spybot Search & Destroy
Ad-Aware
VX2 Cleaner
About:Buster
Cleanup! <-- you won't use this one until after we've made some amendments to your logfile.

Now go to the following online AV scanners:

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Now run Stinger. It's a standalone tool that's designed to carve out trojans and such. Let it run and allow it to do its thing.

Then run and update CWShredder. Click the Fix button and click OK at the prompt "CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue."
Wait for it to finish and then click Next and Finish.

Now install, run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then install Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then shut down Ad-Aware.
Then install the VX2 Cleaner and let it install into the Ad-Aware program folder.
Start Ad-Aware again and click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

 Select
Logged

lghtningbug
« Reply #3 on: March 05, 2005, 03:16:29 AM »

I am SO sorry about the system restore stuff- I just rebooted in safe mode and did all that stuff, but I guess it reverted back to the way it was when I restarted again.  

Anyway-
TrojanDownloader:Win32/Totalvel.A
Trojan:Win32/SecondThought.R.dr
CWS:Look2Me

Those seemed to be the only things that the looong list of programs had problems with, but I'm not sure that all those programs worked correctly.

Logfile of HijackThis v1.99.1
Scan saved at 9:08:58 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\hjt\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mypoint.uwsp.edu/mypoint/default.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.uwsp.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.uwsp.edu/wpad.dat
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BoMkBU1vp] C:\WINDOWS\rlnrfkyq.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Bo
Logged

 
redaxe
« Reply #4 on: March 05, 2005, 06:47:00 PM »

Ok, this time, do the exact same things I recommended in my first post.

But instead of stopping where we left off, disconnect from the internet, print this page out (or copy/paste to Notepad) and shut down all browsers.

Next, open up your Task Manager and try to end the following processes, if they are there. Note that you may have to right click each entry and select End Process Tree.

jusched.exe
ViewMgr.exe
iTunesHelper.exe
sistray.exe


Now let HJT fix the following entries:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BoMkBU1vp] C:\WINDOWS\rlnrfkyq.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Bo
« Last Edit: March 05, 2005, 06:47:42 PM by redaxe » Logged

lghtningbug
« Reply #5 on: March 06, 2005, 02:40:11 AM »

okay- everything seemed to go as planned, except when i was deleting my temporary internet files, under local service it wouldn't let me delete INDEX.DAT because it's currently in use...

oh, and what exactly is sistray? it has always been freezing on me...

Logfile of HijackThis v1.99.1
Scan saved at 8:37:31 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwsp.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.uwsp.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.uwsp.edu/wpad.dat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: ResReg.bat
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.6.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uwsp.edu
O17 - HKLM\Software\..\Telephony: DomainName = uwsp.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uwsp.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = uwsp.edu
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Heidi\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

thanks again for your time :)
Logged

 
redaxe
« Reply #6 on: March 06, 2005, 12:34:52 PM »

Index.dat is a necessary file, so you don't have to worry one bit about that. If you want to feel safe about it, you can always try the Panda Activescan again and let it scan that file exclusively.

sistray - sistray.exe - Process Information

Process File: sistray or sistray.exe
Process Name: Silicon Integrated Systems Sistray
 
Description:
sistray.exe is installed alongside the hardware drivers for SIS video output devices, and offers additional configuration and diagnostic features. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

On the other hand.

This page is something one needs to have in mind as well.

So it's harmless enough to totally disable the file, as it's not system essential.

But your log is clean now, so happy interwebbing. :D
Logged
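An added example (not part of the thread and not HijackThis's own code): a small Python check that the entries redaxe listed for fixing in Reply #4 are gone from the Reply #5 log. The log excerpts are copied from the posts above and the function names are this example's own; it also marks the entry the forum cut off (`[Bo`), which is why lines that appear only in the later log cannot be assumed new.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# Result lines look like "O4 - HKLM\..\Run: [name] path"; the header and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpts copied from the logs in Reply #3 (before) and Reply #5 (after).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BoMkBU1vp] C:\WINDOWS\rlnrfkyq.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKLM\..\Run: [Bo"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: ResReg.bat"""

# Entries from the fix list in Reply #4 (subset).
FIX_LIST = r"""R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BoMkBU1vp] C:\WINDOWS\rlnrfkyq.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKLM\..\Run: [Bo"""


def parse_hjt(text):
    """Return the set of result entries found in a HijackThis log."""
    entries = set()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def is_truncated(entry):
    """An entry cut off mid-name by the forum has '[' without ']'."""
    return entry.detail.count("[") != entry.detail.count("]")


def check_fixes(before_text, after_text, fix_text):
    """Classify each requested fix by comparing the two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    report = {"removed": [], "still_present": [], "unknown": [], "truncated": []}
    for e in sorted(parse_hjt(fix_text)):
        if is_truncated(e):
            report["truncated"].append(e)      # cannot be matched reliably
        elif e in after:
            report["still_present"].append(e)  # the fix did not stick
        elif e in before:
            report["removed"].append(e)
        else:
            report["unknown"].append(e)        # never seen in the earlier log
    # If the earlier log was cut off, "only_in_after" may just be lines that
    # fell past the cut, so treat it as a list to review, not as new entries.
    report["before_incomplete"] = any(is_truncated(e) for e in before)
    report["only_in_after"] = sorted(after - before)
    return report


if __name__ == "__main__":
    for key, value in check_fixes(BEFORE, AFTER, FIX_LIST).items():
        print(key, value)
```
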

lghtningbug
« Reply #7 on: March 06, 2005, 05:22:08 PM »

THANK YOU THANK YOU THANK YOU!

now that everything is clean, i just have to reenable system restore, hide those hidden files, and then what?

is there anything i can do to stop getting all the **** again? well, short of disconnecting :)
Logged

 
lghtningbug
« Reply #8 on: March 06, 2005, 05:25:35 PM »

oh- and how do i disable ipodservice?  i've never used it, but i can't exactly find where to stop it.
Logged

 
redaxe
« Reply #9 on: March 07, 2005, 12:12:49 AM »

To disable iPodservice, click Start -> Run and at the prompt type Services.msc. Scroll down the list to find ipodservice and double click it.
You'll get a Properties window, where you first click the Stop button and then from the dropdown menu, select Disabled. That means ipodservice will never start up again for you :).

To stay safe from all the baddies out there, you could always drop by at JavaCoolSoftware and download Spywareblaster and Spywareguard.

Install, run, update and enable all protection in Spywareblaster.
Install, run, update and let Spywareguard start up with Windows.

Make sure you update the SWBlaster every 10 days at least and SWGuard at least once a month. There may not be that many updates, but those two tools will definitely help you.

I also recommend that you start using a different browser for most of your online activities. Mozilla, Firefox or something of the sort. Only use Internet Explorer for something that you can't use the other browser for, like Windows Updates and such.

If you want to keep on using IE though, make sure you check Windows Updates frequently and install all the latest patches available.

Also go to your Control Panel and Internet Options and look up ActiveX scripting. Click the Security tab, Custom Level button.
Scroll down the list and when you come across ActiveX Controls and Plugins set it up as follows:

Download Signed ActiveX Controls = Prompt
Download Unsigned ActiveX Controls = Disable
Initialize and script ActiveX Controls not marked as safe = Disable
Run ActiveX Controls and Plugins = Prompt
Script ActiveX Controls marked safe for Scripting = Prompt

Apply and OK out. Then reboot and have a wonderful time online.
As a matter of interest, are you using the Norton firewall or the Windows XP SP2 firewall?
Logged
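An added example (not from the thread): a Python audit of an exported Internet Explorer zone key against the five ActiveX settings recommended in the post above. It assumes the settings are applied to the current user's Internet zone (zone 3) and uses the URL action IDs Microsoft documents for these settings; the registry export and the function names are constructed for this example.

```python
import re

ENABLE, PROMPT, DISABLE = 0, 1, 3  # zone setting values; higher is stricter
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The five settings from the post, keyed by the URL action ID under which
# Internet Explorer stores each one, with the value the post recommends.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", PROMPT),
    "1405": ("Script ActiveX controls marked safe for scripting", PROMPT),
}

# Assumption: the Internet zone (zone 3) of the current user.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
            r"\CurrentVersion\Internet Settings\Zones\3")

VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample of a regedit export, not taken from the thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000003
"1A00"=dword:00020000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1405"=dword:00000003
"""


def parse_zone(reg_text, key=ZONE_KEY):
    """Return {action_id: value} for the dword values stored under `key`."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new section header: only values under our zone key count.
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values


def audit(reg_text):
    """Map each recommended setting to ok / weaker / stricter / not set."""
    current = parse_zone(reg_text)
    result = {}
    for action, (label, want) in RECOMMENDED.items():
        have = current.get(action)
        if have is None:
            status = "not set"   # no value stored under this key in the export
        elif have == want:
            status = "ok"
        else:
            status = "weaker" if have < want else "stricter"
        result[action] = (label, NAMES.get(have, have), NAMES[want], status)
    return result


if __name__ == "__main__":
    for action, (label, have, want, status) in audit(SAMPLE_EXPORT).items():
        print(f"{action} {label}: have={have} want={want} -> {status}")
```
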

lghtningbug
« Reply #10 on: March 07, 2005, 06:27:36 AM »

i don't know if i'm using a firewall at all. how do i know that?
Logged

 
redaxe
« Reply #11 on: March 07, 2005, 06:41:20 PM »

Open your Security Center; it's part of Service Pack 2 for Windows XP.

Additionally, did you only buy Norton AV or did you buy Norton System Works or Norton Internet Security?
The latter two have a built-in firewall.
Logged

lghtningbug
« Reply #12 on: March 07, 2005, 10:34:48 PM »

okay, i guess i'm using the xp firewall.  i don't have norton antivirus anything... i have this dumb symantec corporate thing that i am required to have while on this server at college.

oh, and all this prompting is driving me nuts! every time i go to any page i have to click at least two windows... is that the only way i can protect myself? if so, how would i know what not to accept?
Logged

 
redaxe
« Reply #13 on: March 07, 2005, 11:44:24 PM »

If you want to be absolutely sure that you don't allow ActiveX scripts to run, then switch to using Mozilla or Firefox. They don't run ActiveX at all, so you won't even be prompted for them. You'll need IE for Windows Updates though and also the online virus scanners, at least most of them.

If you want to get a decent software firewall that's not too intrusive, I suggest getting Sygate free firewall. It's easy to set up and will monitor outgoing traffic, which the XP firewall doesn't do.
So install Sygate, disable the XP firewall and you should be relatively safe.
Logged

lghtningbug
« Reply #14 on: March 15, 2005, 05:32:04 AM »

which is better- mozilla or firefox? if neither is "better," per se, which would you prefer?
Logged

 